386 matches found

RedHat Linux
added 2015/02/05 7:34 p.m. | 4 views

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

CVSS 2.6 | AI score 6.7 | EPSS 0.01314
Exploits: 0 | References: 5
RedHat Linux
added 2015/01/26 5:27 p.m. | 1 views

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

CVSS 2.6 | AI score 6.7 | EPSS 0.01314
Exploits: 0 | References: 5
RedHat Linux
added 2015/01/22 9:34 p.m. | 2 views

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

CVSS 2.6 | AI score 6.7 | EPSS 0.01555
Exploits: 0 | References: 5
Check Point Advisories
added 2014/09/21 12:0 a.m. | 2 views

Oracle Java AtomicReferenceFieldUpdater Type Confusion (CVE-2014-4262)

A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a type confusion flaw in AtomicReferenceFieldUpdater class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing maliciously crafted Java applet...

CVSS 9.3 | AI score 3.2 | EPSS 0.16549
Exploits: 0
Check Point Advisories
added 2014/09/16 12:0 a.m. | 5 views

Oracle Java System.arraycopy Race Condition (CVE-2014-0456)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to a race condition in System.arraycopy. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...

CVSS 10 | AI score 3.8 | EPSS 0.06331
Exploits: 0
Check Point Advisories
added 2014/08/09 12:0 a.m. | 0 views

Oracle Java SE GSUB FeatureCount Buffer Overflow

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...

AI score 4
Exploits: 0
seebug.org
added 2014/07/02 12:0 a.m. | 34 views

Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass

No description provided by source. Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 63 views

Mac OS X - Java applet Remote Deserialization Remote PoC (updated)

No description provided by source. Critical Mac OS X Java Vulnerabilities Introduction Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun. CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions...

CVSS 10 | AI score 0.2 | EPSS 0.89535
Exploits: 19
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Compaq Java Applet for Presario SpawnApp Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/557/info Some Compaq computers come with a Java applet called SpawnApp. This applet is used to run Compaq diagnostic utilities from the local hard drive when certain Compaq websites are viewed. The problem is that the...

AI score 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 73 views

Java CMM Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

CVSS 10 | AI score 0.5 | EPSS 0.91612
Exploits: 10
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Microsoft Windows 98/2000 UDP Socket DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2340/info Microsoft Windows 2000 and 98 are subject to a denial of service condition. Receiving a maliciously crafted email or visiting a malicious web site could prevent Windows 2000 from DNS resolution and Windows 98 fr...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 52 views

Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

CVSS 10 | AI score 0.5 | EPSS 0.89535
Exploits: 19
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

opera web browser 7.54 java implementation Multiple Vulnerabilities (2)

No description provided by source. source: http://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. These issues may...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

opera web browser 7.54 java implementation Multiple Vulnerabilities (3)

No description provided by source. source: http://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. These issues may...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 39 views

openSUSE Security Update : seamonkey (seamonkey-4462)

Mozilla SeaMonkey was updated to the 2.0.14 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstance...

CVSS 10 | AI score 8.3 | EPSS 0.83259
Exploits: 18 | References: 14
Tenable Nessus
added 2014/06/13 12:0 a.m. | 39 views

openSUSE Security Update : mozilla-js192 (mozilla-js192-4460)

Mozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

CVSS 10 | AI score 8.4 | EPSS 0.83259
Exploits: 20 | References: 17
Tenable Nessus
added 2014/06/13 12:0 a.m. | 42 views

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)

Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

CVSS 10 | AI score 8.4 | EPSS 0.83259
Exploits: 19 | References: 15
Tenable Nessus
added 2014/05/15 12:0 a.m. | 37 views

Citrix NetScaler Multiple Vulnerabilities (CTX140651)

The remote Citrix NetScaler version is affected by multiple vulnerabilities : - A low quality random number generation is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the...

CVSS 10 | AI score 5.5 | EPSS 0.00421
Exploits: 0 | References: 5
Check Point Advisories
added 2014/05/08 12:0 a.m. | 2 views

Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java...

CVSS 10 | AI score 2.6 | EPSS 0.16596
Exploits: 0